madmoose
Posted December 5, 2005

Woke this morning to find someone testing one of my forms, I suppose for injection weaknesses, but not using any characters I'm blocking. What do you suppose they are looking for when they send a form with this content...

Name: ª?¥<=
E-mail: bom@hotmail.com
IP Address: 61.152.169.27
Comments: Œ“?«Ã·<pi>©<a href=http://www.xxxxxxx.com>?˜¿‡“«±Ìª?¥<=</a>°£

Note: I altered the URL as it pointed to a zip file. I have done a decent job of blocking line returns and other false header info. What purpose may it serve spammers to send these characters through a form?

TCH-Don
Posted December 5, 2005

I have not seen that in a comment field, as that field is not such a problem, but I do strip HTML codes from my form:

    $notes = $_POST["notes"];
    $notes = (strip_tags($notes));
    $notes = (stripslashes($notes));

so

Œ“?«Ã·<pi>©<a href=http://www.xxxxxxx.com>?˜¿‡“«±Ìª?¥<=</a>°£

becomes

Œ“?«Ã·©?˜¿‡“«±Ìª?¥

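Added example, not code from any post in this thread: one way to screen a submission like the one quoted above, combining the line-break blocking and tag stripping the posters describe with escaping at output time. The field names, the sample input and the policy of rejecting any URL in the comment field are assumptions.

```php
<?php
// Added example; field names and the sample submission are constructed.
// Returns the reasons to reject a submission; an empty array means it passed.
function screen_submission(array $post): array
{
    foreach (['name', 'email', 'comments'] as $field) {
        if (!is_string($post[$field] ?? null)) {
            return ["$field is missing or not a string"];
        }
    }
    $reasons = [];

    // Single-line fields must not carry CR/LF: a line break in a value that
    // ends up in a mail header lets the sender add headers of their own.
    foreach (['name', 'email'] as $field) {
        if (preg_match('/[\r\n]/', $post[$field])) {
            $reasons[] = "$field contains a line break";
        }
    }
    if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        $reasons[] = 'email is not a valid address';
    }

    // If strip_tags() changes the text, markup was submitted.
    if (strip_tags($post['comments']) !== $post['comments']) {
        $reasons[] = 'comments contain HTML markup';
    }
    // A bare URL survives strip_tags(), so look for it separately.
    if (preg_match('~https?://~i', $post['comments'])) {
        $reasons[] = 'comments contain a URL';
    }
    return $reasons;
}

// Escape at output time. ENT_SUBSTITUTE replaces invalid UTF-8 bytes instead
// of letting htmlspecialchars() return an empty string.
function html_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample, modelled on the submission quoted in the thread.
$sample = [
    'name'     => 'test',
    'email'    => 'someone@example.com',
    'comments' => 'abc<a href=http://www.example.com>def</a>',
];
print_r(screen_submission($sample));
echo html_out($sample['comments']), "\n";
```
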
BluegrassGardener
Posted October 29, 2006

Don,

Trying to understand - what exactly does Œ“?«Ã·©?˜¿‡“«±Ìª?¥ do through the form? Are there instructions somewhere to test a form for vulnerability?

TCH-Don
Posted October 29, 2006

I can't say, as I don't see the point of the character string.

Deverill
Posted October 29, 2006

I'd guess that a poorly written form processor would throw out the weird characters and using what's left over accidentally execute the URL to the zip file, thus running it as a privileged user.